  1. ActiveMQ Classic
  2. AMQ-9197

Prototype Javascript Framework - CVE-2020-27511


Details

    • Type: Dependency upgrade
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.16.3, 5.16.4, 5.16.5
    • Fix Version/s: 5.18.0, 5.16.6, 5.17.4
    • Component/s: Web Console
    • Labels: None

    Description

      An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.1 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.

       

      See https://nvd.nist.gov/vuln/detail/CVE-2020-27511 for further details

       

      prototype.js is part of activemq-web-5.16.3.jar which is shipped inside activemq-web-console.war

       

      Can someone please confirm the affected projects of ActiveMQ for this prototype.js library?
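      One way to check which shipped artifacts carry the library, as an added example (not ActiveMQ project code): walk a WAR and the JARs nested inside it, and report every prototype*.js together with the version it declares. The sample archive layout, the inner `js/prototype.js` path and the version string are constructed placeholders; the regex assumes the `Version: '...'` literal that Prototype declares in its source.

```python
import io
import re
import zipfile

# Version literal as declared in Prototype's source, e.g. Version: '1.7.3'
VERSION_RE = re.compile(rb"Version:\s*['\"]([0-9][0-9A-Za-z._-]*)['\"]")
ARCHIVE_EXT = (".war", ".jar", ".ear", ".zip")
MAX_DEPTH = 4                   # bound recursion into nested archives
MAX_BYTES = 64 * 1024 * 1024    # skip oversized entries instead of inflating them

def find_prototype(data, label, depth=0):
    """Return [(nested_path, version_or_None)] for each prototype*.js found."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            full = f"{label}!/{info.filename}"
            if info.file_size > MAX_BYTES:
                continue
            if base.startswith("prototype") and base.endswith(".js"):
                m = VERSION_RE.search(zf.read(info))
                hits.append((full, m.group(1).decode() if m else None))
            elif base.endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                try:
                    hits += find_prototype(zf.read(info), full, depth + 1)
                except zipfile.BadZipFile:
                    pass  # not a real archive despite its extension
    return hits

def _zip(entries):
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample_war():
    # Constructed sample: inner path and version are placeholders, not the real layout.
    js = b"var Prototype = {\n  Version: '0.0.0-sample',\n};\n"
    jar = _zip({"js/prototype.js": js})
    return _zip({"WEB-INF/lib/activemq-web-5.16.3.jar": jar, "index.html": b"<html/>"})

if __name__ == "__main__":
    for path, version in find_prototype(build_sample_war(), "activemq-web-console.war"):
        print(path, "->", version or "version not found")
```

      To scan a real artifact, pass the bytes of the WAR read from disk in place of `build_sample_war()`.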


          People

            Assignee: jbonofre Jean-Baptiste Onofré
            Reporter: somasaninikhil Nikhil
            Votes: 0
            Watchers: 3

              Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 10m